Geomyidae TLS Prototype
Greetings comrades.
There was yet another discussion about TLS on gopher on this mailing
list. All positions of all previous discussions were repeated.
How does progress in Open Source work?
It depends on one person just doing it, not discussing it.
At the moment I am moving all my Gentoo machines towards LibreSSL.
There I discovered the nice tls.h file, with a very useful and simple
API. Yes, the ugly OpenSSL API always kept me back from touching it.
There is now a beta TLS support in
git://bitreich.org/geomyidae
You require libressl and tls.h to compile it.
For testing your clients, the beta is now running on
gopher://bitreich.org
and, if you like tor, on
gopher://hg6vgqziawt5s4dj.onion
How does it work?
	/* Peek at the first byte without consuming it. */
	if (recv(sock, &byte0, 1, MSG_PEEK) < 1)
		return 1;

	/*
	 * First byte is 0x16 == 22, which is the TLS
	 * Handshake first byte.
	 */
	if (byte0 == 0x16 && dotls) {
		istls = 1;
		if (tls_accept_socket(tlsctx, &tlsclientctx, sock) < 0)
			return 1; /* TLS handshake failed */
	}
A selector beginning with the byte 0x16 (decimal 22) is invalid and will
be rejected by every server that does not support TLS, so the two
protocols can share one port without ambiguity.
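The following is an added example, not geomyidae's own code: it shows the
single-port demultiplexing described above with a socketpair() standing in
for an accepted connection and without any libtls call. The function names
(classify_first_byte, classify_peek, run_demo, demo_plain, demo_tls) and
the sample bytes are constructed for this illustration. It also checks the
property the technique relies on: MSG_PEEK leaves the first byte in the
socket, so the handler chosen afterwards still reads the complete request.

```c
/*
 * Added example, not geomyidae code: single-port TLS / plain gopher
 * demultiplexing by peeking at the first byte. A socketpair() replaces
 * an accepted client socket; no libtls call is made. Names and sample
 * bytes are hypothetical/constructed.
 */
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>

enum conn_kind { CONN_ERROR = -1, CONN_PLAIN = 0, CONN_TLS = 1 };

/* Constructed sample inputs: a plain gopher selector line and the first
 * bytes of a TLS record (ContentType 0x16 = handshake, version, length,
 * HandshakeType 0x01 = ClientHello). Not a complete ClientHello. */
static const unsigned char sample_selector[] = "/phlog/\r\n";
static const unsigned char sample_tls_hdr[] = { 0x16, 0x03, 0x01, 0x00, 0x2c, 0x01 };

/* A TLS connection starts with a handshake record whose first byte is 22;
 * a valid gopher selector never starts with that control byte. */
static enum conn_kind
classify_first_byte(unsigned char byte0)
{
	return byte0 == 0x16 ? CONN_TLS : CONN_PLAIN;
}

/* Peek at the first byte without consuming it, so that whichever handler
 * follows (the TLS accept or the plain selector reader) still sees the
 * whole request. */
static enum conn_kind
classify_peek(int sock)
{
	unsigned char byte0;

	if (recv(sock, &byte0, 1, MSG_PEEK) < 1)
		return CONN_ERROR;
	return classify_first_byte(byte0);
}

/* Push `data` through a socketpair, classify it by peeking, then read the
 * stream back and confirm the peek consumed nothing. Returns the
 * classification, or CONN_ERROR if the readback does not match. */
static enum conn_kind
run_demo(const unsigned char *data, size_t len)
{
	unsigned char buf[256];
	int sv[2];
	enum conn_kind kind;
	ssize_t n;

	if (len > sizeof(buf) || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return CONN_ERROR;
	if (write(sv[1], data, len) != (ssize_t)len) {
		close(sv[0]);
		close(sv[1]);
		return CONN_ERROR;
	}
	kind = classify_peek(sv[0]);
	n = read(sv[0], buf, sizeof(buf));
	close(sv[0]);
	close(sv[1]);
	if (n != (ssize_t)len || memcmp(buf, data, len) != 0)
		return CONN_ERROR;
	return kind;
}

/* Constructed scenarios: a plain client and a TLS client on the same port. */
static enum conn_kind
demo_plain(void)
{
	return run_demo(sample_selector, sizeof(sample_selector) - 1);
}

static enum conn_kind
demo_tls(void)
{
	return run_demo(sample_tls_hdr, sizeof(sample_tls_hdr));
}

int
main(void)
{
	printf("selector -> %s\n", demo_plain() == CONN_PLAIN ? "plain gopher" : "unexpected");
	printf("tls hdr  -> %s\n", demo_tls() == CONN_TLS ? "TLS handshake" : "unexpected");
	return 0;
}
```

In a real server the CONN_TLS branch would hand the socket to
tls_accept_socket() as in the snippet above; the point of the readback
check is that the handshake bytes, including the peeked 0x16, are still
there for it to consume.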
The strategy for TLS support in clients is:
1.) Try to connect using TLS.
2.) If 1.) fails, connect without TLS, if the user wishes so.
Depending on its security policy, a client can show this information to
the user or refuse to connect.
Clic (git://bitreich.org/clic) already supports TLS and gopher, for
sacc (git://bitreich.org/sacc) the author is working on it. The
bitreich commandline client hurl (git://codemadness.org/hurl) does not
yet support it, but it is easy to add, since it already knows LibreSSL.
Please everyone try it out and report bugs. I am happy to accept
patches.
Sincerely,
Christoph Lohmann
P.S. To further unify gopherspace technology I am working on making it as
simple as some CGI script to have .Links, .cap, .abstract and .names
files abstracted in geomyidae.